Joomla Path Constants and URLs

[robbiejackson]

User description

Updated from https://docs.joomla.org/Constants and https://docs.joomla.org/URLs_in_Joomla

---

PR Type

Documentation

---

Description

• Add comprehensive documentation for Joomla path constants

• Add detailed guide for Joomla URI/URL handling and management

• Document URL segments, methods, and standard query parameters

• Provide code examples for URL manipulation and routing

---

Diagram Walkthrough

flowchart LR
  A["Documentation<br/>Structure"] --> B["Path Constants<br/>Guide"]
  A --> C["URLs & URI<br/>Guide"]
  B --> D["Fixed Path<br/>Constants"]
  B --> E["Variable Path<br/>Constants"]
  C --> F["URL Segments<br/>& Methods"]
  C --> G["URL Specification<br/>Patterns"]
  C --> H["Routing &<br/>Query Parameters"]

Loading

File Walkthrough

Relevant files

Documentation

path-constants.md Joomla path constants reference documentation                        docs/general-concepts/path-constants.md New documentation file explaining Joomla path constants used for file operations Documents fixed path constants like JPATH_ROOT, JPATH_SITE, JPATH_ADMINISTRATOR, etc. Documents variable path constants like JPATH_BASE that depend on execution context Includes notes on security considerations and deprecated constants +63/-0    url.md Complete Joomla URLs and URI class documentation                  docs/general-concepts/url.md Comprehensive guide to Joomla's Uri class for URL management Documents URL segment components (scheme, host, port, path, query, fragment) Explains Uri::root() and Uri::base() static methods with examples Covers URL specification patterns: external, internal static, and internal dynamic URLs Documents Route::_() and Route::link() methods for URL routing Lists standard query parameters (option, view, layout, id, Itemid, etc.) Describes additional Uri methods (toString, isSsl, isInternal, current) +264/-0

---

[qodo-code-review]

PR Compliance Guide 🔍

Below is a summary of compliance checks for this PR:

Security Compliance

⚪

XSS in example Description: The documentation example prints an attribute using an unescaped, programmatically constructed URL (echo "..."), which could encourage XSS if readers later build $joomlaNews from untrusted input; prefer escaping for HTML attributes (e.g., htmlspecialchars($joomlaNews, ENT_QUOTES, 'UTF-8')) or using Joomla HTML helper utilities. url.md [103-111] Referred Code ```php use Joomla\CMS\Uri\Uri; ... $joomla = Uri::getInstance("//www.joomla.org"); $joomla->setScheme("https"); $joomla->setPath("/announcements"); $joomlaNews = $joomla->toString(); // https://www.joomla.org/announcements echo "<a href='$joomlaNews'>Joomla news</a><br>"; </details></details></td></tr> <tr><td colspan='2'><strong>Ticket Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary>🎫 <strong>No ticket provided </strong></summary> - [ ] Create ticket/issue <!-- /create_ticket --create_ticket=true --> </details></td></tr> <tr><td colspan='2'><strong>Codebase Duplication Compliance</strong></td></tr> <tr><td>⚪</td><td><details><summary><strong>Codebase context is not defined </strong></summary> Follow the <a href='https://qodo-merge-docs.qodo.ai/core-abilities/rag_context_enrichment/'>guide</a> to enable codebase context checks. </details></td></tr> <tr><td colspan='2'><strong>Custom Compliance</strong></td></tr> <tr><td rowspan=5>🟢</td><td> <details><summary><strong>Generic: Comprehensive Audit Trails</strong></summary><br> **Objective:** To create a detailed and reliable record of critical system actions for security analysis <br>and compliance.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Meaningful Naming and Self-Documenting Code</strong></summary><br> **Objective:** Ensure all identifiers clearly express their purpose and intent, making code <br>self-documenting<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Robust Error Handling and Edge Case Management</strong></summary><br> **Objective:** Ensure comprehensive error handling that provides meaningful context and graceful <br>degradation<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Secure Error Handling</strong></summary><br> **Objective:** To prevent the leakage of sensitive system information through error messages while <br>providing sufficient detail for internal debugging.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td> <details><summary><strong>Generic: Secure Logging Practices</strong></summary><br> **Objective:** To ensure logs are useful for debugging and auditing without exposing sensitive <br>information like PII, PHI, or cardholder data.<br> **Status:** Passed<br> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td rowspan=1>⚪</td> <td><details> <summary><strong>Generic: Security-First Input Validation and Data Handling</strong></summary><br> **Objective:** Ensure all data inputs are validated, sanitized, and handled securely to prevent <br>vulnerabilities<br> **Status:** <br><a href='https://github.com/joomla/Manual/pull/576/files#diff-c25fe22a3ffc464a858a0e3dff5415076842191f8d1f15549b01dc11e8ca6d5dR109-R111'><strong>Unescaped URL output</strong></a>: The documentation example outputs <code>$joomlaNews</code> directly into an HTML attribute without <br>demonstrating escaping/sanitization, which can encourage XSS-prone patterns when readers <br>adapt the snippet to dynamic input.<br> <details open><summary>Referred Code</summary> ```markdown $joomlaNews = $joomla->toString(); // https://www.joomla.org/announcements echo "<a href='$joomlaNews'>Joomla news</a><br>"; </details> > Learn more about managing compliance <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#configuration-options'>generic rules</a> or creating your own <a href='https://qodo-merge-docs.qodo.ai/tools/compliance/#custom-compliance'>custom rules</a> </details></td></tr> <tr><td align="center" colspan="2"> - [ ] Update <!-- /compliance --update_compliance=true --> </td></tr></tbody></table> <details><summary>Compliance status legend</summary> 🟢 - Fully Compliant<br> 🟡 - Partial Compliant<br> 🔴 - Not Compliant<br> ⚪ - Requires Further Human Verification<br> 🏷️ - Compliance label<br> </details>

[qodo-code-review]

PR Code Suggestions ✨

Explore these optional code suggestions:

Category	Suggestion	Impact
General	Update documentation for a deprecated parameter Update the documentation for Uri::root() to mention that its second parameter, $path, is deprecated and will be removed in Joomla 7.0. docs/general-concepts/url.md [70-73] -The second parameter to `Uri::root()`, namely `$path`, sets the path locally within the Uri class, -and will get used in subsequent invocations of `Uri::root()` +The second parameter to `Uri::root()`, namely `$path`, is deprecated and will be removed in Joomla 7.0. +It sets the path as a static variable within the Uri class, which will affect subsequent invocations of `Uri::root()` (by any other extensions which are generating content for the web page). -Hence it's strongly advised that you don't set this parameter. +Hence it's strongly advised that you do not set this parameter. Apply / Chat Suggestion importance[1-10]: 6 __ Why: The suggestion improves the documentation's accuracy by adding a deprecation notice for a parameter, which is valuable information for developers.	Low
	✅ Fix a typo in a variable name Suggestion Impact: The documentation line for the tls parameter was corrected to use proper inline code formatting ("`$tls`") instead of the malformed "$`tls`". code diff: -- $`tls` (default = self::TLS_IGNORE) – defines whether the output URL should be http or https +- `$tls` (default = self::TLS_IGNORE) – defines whether the output URL should be http or https Correct the markdown formatting for the $tls parameter from $tls to $tls. docs/general-concepts/url.md [187] -- $`tls` (default = self::TLS_IGNORE) – defines whether the output URL should be http or https +- `$tls` (default = self::TLS_IGNORE) – defines whether the output URL should be http or https [Suggestion processed] Suggestion importance[1-10]: 4 __ Why: The suggestion correctly identifies and fixes a markdown formatting error, improving the readability and professionalism of the documentation.	Low
Update